webapp2 auth tokens not disappearing

Question

I have an application written on GAE and webapp2. I've noticed that although I have ~50 users in my system, I have 600 auth tokens, many of which are older than the 3 week default maximum age. Are they supposed to disappear? Am I supposed to delete them?

thanks!

Answer 1

Sorry I was unclear. The issue is that the webapp2 authorization tokens have a default expiration of 3 weeks, but there's no mechanism to delete them after that. The result is the database "UserToken" table fills up with old auth tokens.

The answer, then, is to make a cron job delete old tokens occasionally.

See a lot more detail here.

thanks